> On Nov 1, 2007 3:46 PM, Kris Zyp <[EMAIL PROTECTED]> wrote:
>>
>> It's a sandbox, right? Should be safe. Not so fast:
>>
>> > last they gave up. rexec was removed from the language.

With the complexity of creating and verifying a sandboxing eval that allows shared mutable objects with some degree of safety, is it conceivable that ES4 could alternately pursue sandboxed eval through a shared nothing construct? I remember that Brendan mentioned that the Google Gears approach is a good model, but that it would be premature to standardize. I agree standardizing on the actual Gears API would be strange, however, wouldn't taking a shared nothing approach to sandboxing (using messaging) like Gears (but with our own API) be a safer and easier to analyze approach to sandboxing and more reasonable in terms of time constraints for inclusion in ES4 than the scopable eval? Shared nothing techniques are hardly a new PL concept, albeit I am sure it is still not a trivial addition.

Just thinking about what it could look like:

    mySandbox = new Environment(myScriptToSandbox);
    onmessage=function(message : string) {...}
    mySandbox.sendMessage("start");

And of course, it seems hard to resist the temptation to entertain the hope that this could be a possible API for adventurous implementors to use for a concurrency construct (use the same API for ConcurrentEnvironment), which could advise ES5's work on concurrency.

Kris